From: Florent Bruneau
Date: Fri, 1 Jun 2012 07:27:09 +0000 (+0200)
Subject: Validate content of reports made by clients.
X-Git-Url: http://git.polytechnique.org/?a=commitdiff_plain;h=df1ec683f930734d7532bd3dc3b10c46da947748;p=platal.git

Validate content of reports made by clients.

Signed-off-by: Florent Bruneau
---

diff --git a/modules/core.php b/modules/core.php
index d0168b2..af55a24 100644
--- a/modules/core.php
+++ b/modules/core.php
@@ -225,7 +225,15 @@ class CoreModule extends PLModule
     function handler_register_error($page)
     {
         if (S::has_xsrf_token() && Post::has('error') && Post::has('url')) {
-            PlErrorReport::report("Client error on " . Post::s('url') . ":\n\n" . Post::s('error'));
+            $error = Post::s('error');
+            if (strlen($error) > 20000) {
+                exit;
+            }
+            $json = @json_decode($error, true, 3);
+            if (!is_array($json) || count($json) === 0) {
+                exit;
+            }
+            PlErrorReport::report("Client error on " . Post::s('url') . ":\n\n" . $error);
         }
         exit;
     }
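Review bot: The `url` field is still passed straight from `Post::s('url')` into the report with no size cap or format check, so the 20000-byte bound and JSON check added for `error` can be bypassed by putting arbitrary content in `url` instead; I would bound it the same way right after the `$error` guard, e.g. `$url = Post::s('url'); if (strlen($url) > 2048 || !filter_var($url, FILTER_VALIDATE_URL)) { exit; }` and then use `$url` in the report (assuming the client reporter always sends an absolute URL — worth confirming). The JSON check only establishes that `error` decodes to a non-empty array at depth ≤ 3, not that it carries the keys the client-side reporter actually sends, so if the expected shape is known a key check (`isset($json['message'])` or similar) would make the report far less noisy. The `@` on `json_decode` is unnecessary here since it does not emit warnings on malformed input, and a short comment such as `// Reject oversized or non-JSON payloads before they reach the reporting backend` above the guards would make the intent clear. The enclosing `class CoreModule` starts outside the hunk, and whether `PlErrorReport::report` triggers mail or another costly side effect (which would make a rate limit on this endpoint worthwhile) cannot be seen from here.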